[PHP-DEV] PHP 4.0 Bug #10518 Updated: mcrypt_generic is padding input when using cfb and ofb modes

[kettler]

ID: 10518
User Update by: [EMAIL PROTECTED]
Status: Assigned
Bug Type: mcrypt related
Description: mcrypt_generic is padding input when using cfb and ofb modes

Same bug also in php_mcrypt_do_crypt, here's the new patch:

--- php-4.0.4pl1/ext/mcrypt/mcrypt.c    Wed Nov 22 22:40:15 2000
+++ php-4.0.4pl1-sk/ext/mcrypt/mcrypt.c Sat Apr 28 18:44:09 2001
@@ -498,7 +498,7 @@
        convert_to_string_ex (data);
 
        /* Check blocksize */
-       if (mcrypt_enc_is_block_algorithm (td) == 1) { /* It's a block algorithm */
+       if (mcrypt_enc_is_block_mode (td) == 1) { /* It's a block algorithm */
                block_size = mcrypt_enc_get_block_size (td);
                data_size = (((Z_STRLEN_PP(data) - 1) / block_size) + 1) * block_size;
                data_s = emalloc (data_size);
@@ -539,7 +539,7 @@
        convert_to_string_ex (data);
 
        /* Check blocksize */
-       if (mcrypt_enc_is_block_algorithm (td) == 1) { /* It's a block algorithm */
+       if (mcrypt_enc_is_block_mode (td) == 1) { /* It's a block algorithm */
                block_size = mcrypt_enc_get_block_size (td);
                data_size = (((Z_STRLEN_PP(data) - 1) / block_size) + 1) * block_size;
                data_s = emalloc (data_size);
@@ -1280,7 +1280,7 @@
        }
 
        /* Check blocksize */
-       if (mcrypt_enc_is_block_algorithm (td) == 1) { /* It's a block algorithm */
+       if (mcrypt_enc_is_block_mode (td) == 1) { /* It's a block algorithm */
                block_size = mcrypt_enc_get_block_size (td);
                data_size = (((Z_STRLEN_PP(data) - 1) / block_size) + 1) * block_size;
                data_s = emalloc (data_size);

Previous Comments:
---------------------------------------------------------------------------

[2001-04-26 19:39:06] [EMAIL PROTECTED]
thx, will look into this soon

---------------------------------------------------------------------------

[2001-04-26 18:28:36] [EMAIL PROTECTED]
When encrypting using a block cipher and cfb or ofb mode the 
mcrypt_generic/mdecrypt_generic function
still pad the input to a multiple of the underlying algorithm's block size. Input 
should not be padded when used with 
cfb or ofb mode.


Script showing the bug:

$key   = pack("H*", 
"0000000000000000000000000000000000000000000000000000000000000000");
$iv    = pack("H*", "00000000000000000000000000000000");
$plain = pack("H*", "0000000000000000");
$handle = mcrypt_module_open(MCRYPT_TWOFISH, "", MCRYPT_MODE_CFB, "");
mcrypt_generic_init($handle, $key, $iv);
$crypted = mcrypt_generic($handle, $plain);
mcrypt_generic_end($handle);
print bin2hex($plain)."nn";
print bin2hex($crypted)."nn";


Proposed patch:

--- mcrypt/mcrypt.c     Wed Nov 22 22:40:15 2000
+++ mcrypt-sk/mcrypt.c  Fri Apr 27 00:25:16 2001
@@ -498,7 +498,7 @@
        convert_to_string_ex (data);
 
        /* Check blocksize */
-       if (mcrypt_enc_is_block_algorithm (td) == 1) { /* It's a block algorithm */
+       if (mcrypt_enc_is_block_mode (td) == 1) { /* It's a block algorithm */
                block_size = mcrypt_enc_get_block_size (td);
                data_size = (((Z_STRLEN_PP(data) - 1) / block_size) + 1) * block_size;
                data_s = emalloc (data_size);
@@ -539,7 +539,7 @@
        convert_to_string_ex (data);
 
        /* Check blocksize */
-       if (mcrypt_enc_is_block_algorithm (td) == 1) { /* It's a block algorithm */
+       if (mcrypt_enc_is_block_mode (td) == 1) { /* It's a block algorithm */
                block_size = mcrypt_enc_get_block_size (td);
                data_size = (((Z_STRLEN_PP(data) - 1) / block_size) + 1) * block_size;
                data_s = emalloc (data_size);

---------------------------------------------------------------------------


Full Bug description available at: http://bugs.php.net/?id=10518


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]